Largest DDoS Attacks Zero In on Financial Services Customers

VeriSign sits at a key location within the Internet infrastructure as manager of root zone Domain Name System (DNS) and the dot-com top-level domain. VeriSign also runs a security business with its distributed denial-of-service (DDoS) protection services, giving it further insight into the state of attacks on the Internet today. On June 5, VeriSign released its first-quarter 2014 DDoS Trends Report, providing visibility into attack trends for the period of Jan. 1 to March 31, 2014. On a quarterly basis, VeriSign reported an 83 percent increase in the average DDoS attack size in comparison with the fourth quarter of 2013. Among the largest DDoS attacks that hit VeriSign's network are what are known as Network Time Protocol (NTP) amplification attacks, whose average size ranged from 50G bps to 75G bps during the first quarter of 2014, VeriSign reported. US-CERT has been warning of the increased risk of NTP amplification since January of this year. Amplification represents only one form of DDoS, however. Overall, VeriSign saw the largest DDoS attacks hitting its financial services customers, with a peak of 160G bps. In contrast, DDoS attacks against IT services and cloud customers only had a peak attack volume of 64G bps. In this slide show, eWEEK examines some of the key findings from VeriSign's first-quarter 2014 DDoS Trends Report.

1 of

Largest DDoS Attacks Zero In on Financial Services Customers

by Sean Michael Kerner

Media and Entertainment Vendors Are Key Targets

While many industries are targets for DDoS attacks, during the first quarter of 2014, VeriSign mitigated more attacks against media and entertainment vendors than any other industry vertical.

Frequency of Attacks Against Finance Industry Are Down

In the first quarter of 2014, VeriSign reported that the frequency of attacks against its clients in the finance industry declined by 34 percent year over year. In contrast, there was a 33 percent increase in attack frequency year-over-year for all other industries combined.

Average DDoS Attack Size Was 3.92G bps

The average DDoS attack size in the first quarter of 2014 was 3.92G bps, which is a 6 percent increase over the first quarter of 2013.

The Largest DDoS Attacks Impacted Financial Services

VeriSign reported that its financial services customers were targeted with DDoS attacks that peaked at 160G bps.

Application Layer Is a Key Target

VeriSign found that 30 percent of DDoS attacks during the first quarter took specific aim at Web applications.

Amplification Attacks Ranged from 50G-75G bps

In an amplification attack, the volume of the attack is magnified by leveraging vulnerable Internet services to increase the number of attacking addresses and the total bandwidth. In the first quarter of 2014, VeriSign saw DDoS amplification attacks that abused Network Time Protocol (NTP) and DNS.

SNMP and IKE Attacks Could Be Next

To date, amplification attacks have leveraged NTP and DNS. Looking forward, VeriSign expects attacks to leverage SNMP and IKE, among other UDP protocols to launch new forms of DDoS amplification attacks.